verify-dsc-validity.ts
import forge from 'node-forge'
import { SKI_PEM, SKI_PEM_DEV } from './constants/skiPem'
import { derToBytes } from './conversion'
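/**
 * Looks up the PEM-encoded CSCA certificate stored under a key identifier.
 *
 * @param formattedValueAdjusted - Key identifier string used as the lookup key into the SKI table.
 * @param dev_mode - When true, the entries of SKI_PEM_DEV are merged over SKI_PEM before the lookup.
 * @returns The PEM string, or `undefined` when the table has no own entry for the key.
 */
function getCSCAPem(formattedValueAdjusted: string, dev_mode: boolean): string | undefined {
  // dev_mode widens the set of trust anchors: SKI_PEM_DEV entries are added and,
  // on a key collision, replace the SKI_PEM entry. Keep it off outside development.
  const skiPem = dev_mode ? { ...SKI_PEM, ...SKI_PEM_DEV } : SKI_PEM
  // The key is derived from the certificate under test, so accept own properties
  // only; an inherited Object.prototype member must never be returned as a PEM.
  if (!Object.prototype.hasOwnProperty.call(skiPem, formattedValueAdjusted)) {
    return undefined
  }
  return skiPem[formattedValueAdjusted]
}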
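/**
 * Verifies a DSC certificate against the CSCA certificate selected by the DSC's
 * authorityKeyIdentifier extension, then checks that the current time lies within
 * the DSC's validity period.
 *
 * The key identifier is read from the certificate being checked, so it only selects
 * which stored CSCA to try; the decision rests on the chain verification against
 * that CSCA. No revocation information is consulted in this function, and the CSCA
 * certificate's own validity dates are not compared explicitly here.
 *
 * @param dscCertificate - The parsed DSC certificate to verify.
 * @param dev_mode - Passed to getCSCAPem; when true the development CSCA entries are also eligible.
 * @returns `true` when chain verification and the validity-period check both pass;
 *   `false` when either fails (the error is logged).
 * @throws Error when the certificate has no authorityKeyIdentifier extension or no
 *   CSCA PEM is registered for its key identifier. Errors raised while parsing the
 *   stored CSCA PEM also propagate, because that call is outside the try block.
 */
export function verifyDSCValidity(dscCertificate: forge.pki.Certificate, dev_mode: boolean): boolean {
  const authorityKeyIdentifierExt = dscCertificate.extensions.find(
    (ext) => ext.name === 'authorityKeyIdentifier',
  )
  // Without this extension no trust anchor can be selected. Fail with an explicit
  // message instead of a TypeError on `.value` below.
  if (authorityKeyIdentifierExt === null || authorityKeyIdentifierExt === undefined) {
    console.error('Error: authorityKeyIdentifier extension not found')
    throw new Error('authorityKeyIdentifier extension not found in DSC certificate')
  }

  const value = authorityKeyIdentifierExt.value
  const byteArray = derToBytes(value)
  // @ts-ignore
  const formattedValue = byteArray.map((byte) => byte.toString(16).padStart(2, '0')).join('')
  // Drops the first 8 hex characters (4 bytes) of the encoded extension value.
  // NOTE(review): for an extension holding only a 20-byte keyIdentifier these would
  // be the DER prefix 30 16 80 14; any other encoding presumably yields a key that
  // is absent from the table and ends in "CSCA PEM not found" — confirm.
  const formattedValueAdjusted = formattedValue.substring(8)

  const csca_pem = getCSCAPem(formattedValueAdjusted, dev_mode)
  if (csca_pem === null || csca_pem === undefined) {
    console.error('Error: CSCA PEM not found')
    throw new Error('CSCA PEM not found')
  }
  const csca_certificate = forge.pki.certificateFromPem(csca_pem)

  try {
    // The CA store holds exactly one certificate: the CSCA selected above.
    const caStore = forge.pki.createCaStore([csca_certificate])
    const verified = forge.pki.verifyCertificateChain(caStore, [dscCertificate])
    if (!verified) {
      throw new Error('DSC certificate verification failed')
    }

    // Explicit validity-window check on the DSC against the local clock.
    const currentDate = new Date()
    if (
      currentDate < dscCertificate.validity.notBefore
      || currentDate > dscCertificate.validity.notAfter
    ) {
      throw new Error('DSC certificate is not within its validity period')
    }
    return true
  } catch (error) {
    // Every failure inside the try block, including one thrown by
    // verifyCertificateChain itself, is logged and reported as `false`.
    console.error('DSC certificate validation error:', error)
    return false
  }
}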